I have the following code to do a repository dispatch to another repository:
jobs:
trigger-repository-dispatch:
runs-on: ubuntu-latest
env:
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
REPOSITORY: ${{ inputs.repository }}
steps:
- name: Checkout project
uses: actions/checkout@v3
- name: Trigger dependant common project repository dispatch
run: |
curl -X POST https://api.github.com/repos/${REPOSITORY}/dispatches \
-H 'Accept: application/vnd.github.everest-preview+json' \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
--data '{"event_type": "success"}'
In the secrets.ACCESS_TOKEN its my PAT to authenticate with the otre repo.
This code works if I set the env.ACCESS_TOKEN variable with plain text but if I try to read it from secrets it returns this and of course doesn't trigger the destination workflow:
{
"message": "Bad credentials",
"documentation_url": "https://docs.github.com/rest"
}
Any ideas?
If the GHA workflow is triggered as workflow_call you must pass the secrets from the caller (or in my case, the caller hierarchy) as stated in Reusing Workflows: Using inputs and secrets in a reusable workflow.